4. Overwrite from Performance Data Variable
PerfDataMemAddr was used to hold the address of a buffer for performance data, and this variable could be arbitrarily modified by runtime software. This could cause firmware to corrupt its own code/data.
This is addressed by EDK2 SVN https://sourceforge.net/p/edk2/code/14386.
Reported by the Advanced Threat Research team at Intel Security.